• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 585
  • Last Modified:

Javabeans or Cookies

Hi guys

I am mocking up a system with jsp pages and servlets (including Javabean classes) and SQL Server.  I am following the 3 teir design pattern, using jsps for the interface, serlvets for processing, and javabeans to hold information during the user's session.

I am a bit confused as to whether I need to use cookies.

So far I have used a Javabean instance to set information about the user that has logged in, so that I can use that information throughout the user's session.  For example, I can use the Javabean that has been set, to get the user's names, staff id, region and so forth.  So it seems to me when I want to know who the user is, I just need to get those properties from the java bean.

Do I need to consider using cookies, or will the fact that I am using Javabeans (not enterprise Javabeans) suffice?

2 Solutions
I would stick with your javabean / session implementation.  The only thing I usually store in a cookie is the user name they typed on the login page.  This way next time they come back I populate the user name for them.  

As above, javabeans in the session will suffice.

Only use cookies if you have non-secure data that you want to persist over a number of visits, such as auto-login as this site uses. As the session is not sent to the user, it is far more secure so infomation like userid and password should never be set in the cookie.

Persistence of form information is also somehting that I would store in the sessions. For example, this is used in Struts for returning to the form when the entries have failed validation.
pmccar06Author Commented:
Hi guys

Thanks for your help.  Much appreciated.

Cheers Phil
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now